From securityaffairs.co
Researchers from cybersecurity firm ThreatFabric have spotted in the beginning of August a new Android banking trojan, dubbed SOVA, that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain. The name SOVA comes from the Russian word for owl.
The malware allows attacker to gather sensitive data from infected devices, including banking credentials and PII.
The banking trojan implements multiple harvesting capabilities, the malicious code is able to steal credentials and session cookies leveraging web overlay attacks, logging keystrokes, hiding notifications, and through clipboard highjacking.